The Parent’s Guide to API Keys and Safety
Three steps to AI programming with your kid.
“Wait, I’m giving my toddler access to AI that can write code?”
Yes. And it’s safer than giving them YouTube. Here’s how to do it right.
First: What’s an API Key?
Think of it as a password that lets the AI work. You need one, it costs a little money when used, and you absolutely don’t want it public. That’s it. That’s all you need to know.
The Basic Safety Setup
1. Set spending limits (2 minutes)
Every AI service lets you set monthly limits. I set mine to $10. My toddler would need to build upwards of 500 games to hit that. When the limit’s reached, it just stops working. No surprise bills.
2. Use a password manager (already done, right?)
Your API key goes in your password manager, not a sticky note. I use 1Password, but Bitwarden’s free and excellent. Copy-paste when needed.
3. Separate user account (5 minutes)
Create a “Family Coding” user on your computer. It only has VS Code and a browser. No email, no shopping sites, no saved passwords. This is your coding sandbox.
The Advanced Move: Devcontainers
Want bulletproof safety? Devcontainers isolate the AI’s environment completely. It’s like giving the AI its own computer inside your computer. It can’t touch your files, can’t see your system, can’t do anything outside its box.
Here’s a simple setup. Create a folder called .devcontainer and a file inside it called devcontainer.json.
.devcontainer/devcontainer.json:
{
"name": "Toddler Dev Environment",
"image": "mcr.microsoft.com/devcontainers/javascript-node:1-20",
"features": {
"ghcr.io/devcontainers/features/common-utils:2": {}
},
"customizations": {
"vscode": {
"extensions": [
"anthropic.claude-code"
],
"settings": {
"editor.fontSize": 20,
"editor.wordWrap": "on",
"files.autoSave": "afterDelay",
"files.autoSaveDelay": 1000,
"terminal.integrated.fontSize": 16,
}
}
},
"postCreateCommand": "npm install -g @anthropic-ai/claude-code",
"remoteUser": "node"
}Save this, restart VS Code, and it’ll ask if you want to open in a container. Say yes. Now the AI can only work in this sealed environment.
What Can Actually Go Wrong?
Let’s be realistic about risks:
Could the AI write weird code?
Theoretically, yes. Practically, your toddler’s asking for truck games, not bitcoin miners. And you’re watching everything happen.
Could they rack up huge bills?
Not with spending limits. $10 max means $10 max.
Could they accidentally delete files?
Not anything unrecoverable if you're using a devcontainer.
The Reality Check
I’ve been doing this for months. The worst thing that’s happened? My son asked the AI to “make everything green” and it did. Everything. The horror.
Your toddler is safer building games with AI than:
Watching YouTube (no algorithm suggesting weird videos)
Playing mobile games (no ads or in-app purchases)
Using kid apps (no data collection)
The One Rule That Matters
You’re always there.
This isn’t your typical screen time. You’re sitting together, typing their words, watching the magic happen. You’re the filter, the guide, and the emergency stop button.
That’s better than any technical safety measure.
Your Action Items
Get an API key (Claude or OpenAI)
Set a $10 monthly limit
Put the key in your password manager
Create that devcontainer file (optional but recommended)
Start building!
We’re living in a moment where a 2-year-old’s imagination can become reality in minutes. Safely. Easily. Together.
When my son says “Make a race car game!” and we actually make it, I watch his understanding of what’s possible expand. He’s learning that computers aren’t mysterious boxes—they’re creative partners. He’s discovering that his ideas have value. That he can build, not just consume.
And it’s all happening safely, with you right there, guiding the adventure.
That’s not just safe. It’s magical.
Security questions? Reply and ask. I’ve probably overthought it already so you don’t have to!